Skip to content

Finnish municipalities, agencies brace for simulated cyberattack

The operation began with an activist group threatening cyberattacks unless it was paid a ransom in bitcoin.

Image: Henrietta Hassinen / Yle

More than 200 Finnish municipalities and public organisations are rehearsing how to respond to possible cyberattacks. The Population Register Centre is coordinating a simulated attack dubbed Taisto19 ('fight 19'). In the scenario, a hacker group is demanding that the organisations pay ransoms and carries out a series of cyberattacks.

On 10 October, 235 public organisations received a demand in which an activist group calling itself #Tietovuoto321 ('data breach 321') threatened to carry out cyberattacks if it was not paid a ransom fee in bitcoin by a certain date.

The Population Register Centre says that organisers have tried to make the situation as realistic as possible, and that it could easily be true.

Since the first ultimatum, the situation has been gradually developing in the lead-up to the main practice days, when the agencies and towns will see their websites and data systems come under simulated attack. There have already been two practice days in the past month, with a third scheduled for next week.

Organisations "waking up" to new threats

While it may not be possible to effectively deflect such threats in real life, the aim of the exercise is to bolster organisations' abilities to cope with an attack.

This is the second Taisto exercise arranged by the Population Register Centre, which is tasked with promoting the digitalisation of society and electronic services in Finland. It operates under the Ministry of Finance. The agency's general secretary, Kimmo Rousku, says that organisations have responded enthusiastically to the exercises.

He says that organisations have in recent years begun to wake up to new types of threats and the fact that they may come under attack.

This year Finnish towns such as Lahti, Pori and Kokemäki, as well as an array of public websites, have faced cyberattacks.